On Fri, 2013-12-06 at 16:07 +0100, Ralf Corsepius wrote: > > This approach has been > > working perfectly for many years and I don't think much has changed in > > that area lately. > There were reports of abrt sending out private and confidential > information to the net and reports of abrt sending reports without > inspection. There was one particular crash which was leaking passwords in a way that made it very difficult for abrt to catch. I think there were two or three (not the vague "two or three", but precisely either two, or three) reports affected. Pedro Francisco very smartly caught this and we locked down the affected bugs ASAP. I have never seen "abrt sending reports without inspection." It starts out by popping up notifications that let you send a FAF report (which AIUI contains only the summary backtrace, and doesn't need inspection as there's no chance of it containing sensitive user data). I think there's a checkbox to have it send those FAF reports without showing a notification. But I don't believe it's possible for it to send out a full-on backtrace without the user explicitly requesting it via abrt-gui or abrt-cli. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
